Cryptography is one of the most effective ways to enhance information security. Biometrics based cryptographic key generation techniques, in which biometric ...
Biometric Cryptographic Key Generation Based on City Block Distance Xiangqian Wu, Peipei Wang, KuanquanWang, Yong Xu Biocomputing Research Centre (BRC) School of Computer Science and Technology Harbin Institute of Technology, Harbin 150001, China {xqwu, wpp, wangkq, yxu}@hit.edu.cn
Abstract Information security is becoming increasingly important in our information driven society. Cryptography is one of the most effective ways to enhance information security. Biometrics based cryptographic key generation techniques, in which biometric features are used to generate cryptographic keys, have been developed to overcome the shortages of the traditional cryptographic methods. An essential issue of biometric cryptographic key generation is to remove the variance between biometric templates of genuine users. In previous works, error correction techniques are used to eliminate these variances. However, these techniques can only be used to remove errors in Hamming metric whereas many biometric templates are real valued vectors and cannot use Hamming distance to measure the similarity, which means that the error correction techniques can not be directly used to remove the variance between these biometric templates. In this paper, we proposed a novel biometric cryptographic framework based on city block distance. In the proposed framework, the real valued biometric feature vector is firstly quantized and then encoded into a binary string in such way that the city block distance between two feature vectors is converted to Hamming distance between two binary strings. After that, the error correction techniques are used to eliminate the errors between the strings of the genuine users. Finally, the error free string is hashed to form a cryptographic key. The experimental results conducted on face and palmprint biometrics demonstrate the effectiveness of the proposed framework.
1. Introduction Information security is becoming a more and more important issue nowadays. One of the effective solutions to enhance the information security is to use of cryptography. In cryptographic systems, the most critical issue is cipher key management. There are some drawbacks to traditional cipher keys management. For example, if the cipher key is too short or too simple, it is easy to be cracked. On the other hand, if the key is long and complex, it is not easy to be
978-1-4244-5498-3/09/$25.00 ©2009 IEEE
memorized and if it is stored somewhere it may be lost or stolen. Biometrics, as the inherent and unique characteristics of human beings, has a long history being used for identity recognition. Combining biometrics with cryptosystems could overcome the shortages of traditional cryptographic methods [1]. However, it is almost impossible to directly use a biometric template as a cipher key since the biometric templates obtained from the same user at different times are always varied, whereas the traditional cryptographic algorithms, such as DES, AES and RSA, require that the cipher keys used for encryption and decryption should be exactly identical. Therefore, the essential issue of the biometric cryptography is to eliminate the variance between the biometric templates of the genuine user. Biometric templates have many types such as the binary strings, feature point sets and feature vectors, etc. In previous researches, different methods have been proposed to eliminate the variance in respect of different types of biometric templates. Davida et al. [2] extracted a binary string from iris as a cipher key. In encryption phase, the authors computed the check bits of the binary string by using error correction coding technique and stored the check bits. In decryption phase, they concatenated a binary string which is extracted from a claimer’s iris with the check bits and decode it using error correction decoding technique. The variance eliminated in their method is measured by Hamming distance. Hao et al. [3] proposed a two layer key generation framework in which a binary key is bound with a binary biometric template that is extracted from iris. They studied the error pattern in the biometric template and learned that there are two types of errors in biometric template and therefore employed two different kinds of error correction techniques to correct each type of errors respectively. Juels et al. [4, 5] proposed a method to eliminate the variance between the feature sets. They designed a “fuzzy vault” to lock the secret information. Only if the features used to unlock the “fuzzy vault” overlap enough elements of the features used to lock the “fuzzy vault”, the secret information can be recovered. Clancy et al. [6] implemented a fuzzy vault scheme based on fingerprints. In their experiment, a 69 bits key was derived but the FRR is relatively high.
In this paper, we will concentrate on cipher key generation schemes based on real valued biometric feature vector. Monrose et al. [7, 8] proposed a hardening password mechanism using key stroke dynamics. The biometric template of key stroke dynamics is a real valued feature vector. If a feature is distinguishable enough, it will be binarized to 1 or 0. Otherwise, the feature will be discarded in an implicit way. The binary string will then be bound with a traditional password through a secret sharing scheme. If all distinguishable key stroke dynamic features are close to the one used in registration, these features will be binarized into the same binary values and the password can be recovered. In their method, each feature is only binarized to one bit that can not provide enough security. To overcome this problem, Chang et al [9] proposed a method to binarize each component of the biometric feature vector to different number of bits. In their method, the more distinguishable a component is, the more bits this component is binarized to. Each component is quantized to a binary substring and all of the substrings of the feature vector are concatenated to form the cryptographic key. Obviously, only when all of the components are correctly binarized, the decryption is successful. As we know that the values of a biometric template can be disturbed by noise easily, a prominent noise may greatly affect one or several components of the genuine feature vector and result in errors when these components are binarized using Chang’s method, and therefore the genuine user may fail to decrypt the secrete information. To avoid the effect of a single big deviation in an genuine user’s feature vector, this paper proposes a novel framework based on city block distance, which consider the sum of the deviation of all components and, therefore, can reduce the effect of a single big deviation in the decryption phase. The rest of this paper is organized as follows. Section 2 proposes the biometric cryptographic framework based on city block distance. Section 3 discusses the quantization and coding of the biometric feature vector. Section 4 presents the key steps of the proposed framework. Section 5 contains the experimental results and analysis and Section 6 provides a conclusion.
2. Proposed Framework The proposed framework is shown in Figure 1. There are two phases in this framework, the encryption and decryption phases.
2.1. Encryption Phase In encryption phase, a feature vector is firstly extracted from a user’s biometric trait by using some feature extraction method. Then the feature vector is quantized into a quantization vector (QV), and at the same time, some assistant data (AD) is also generated and kept, which will be used to quantize the feature vector in decryption. After
(a) Encryption Phase.
(b) Decryption Phase. Figure 1: The proposed framework.
that, QV is converted into a binary string (BC) and BC is encoded by using some error correction technique (e.g. BCH), and keep the check bits (CB) which will be used in decryption for correcting errors. Finally, BC is converted to a cryptographic key (CK) by using a hash function (e.g. MD5) and used to encrypt a secret message. Only the encrypted message (EM), AD and CB are kept and other information is discarded in this phase.
2.2. Decryption Phase In decryption phase, a feature vector is extracted from a user’s biometric using the same feature extraction method as used in encryption phase. Then AD is used to convert this feature vector to a binary string (BC’). Concatenate BC’ with CB and decode it to get the corrected code CC using the same error correction technique. Finally, the corrected code CC is converted into the decrypting key using the same hash function and used to decrypt the secret message. Since the proposed framework aims to eliminate the variance of real valued feature vectors in city block distance, we will discuss in details the quantization and coding techniques which can convert the city block distance of feature vectors to Hamming distance of binary strings in the following section.
3. Quantization and Coding In a n-dimension space, a city block distance of two vectors V1 and V2 is defined as below:
n
D(V1 ,V2 ) = ¦ v1,i − v 2,i
(1)
i =1
Zhere of
v1,i and v 2,i is the ith ( i = 1,2, ! , n ) component
V1 and V2 respectively. To convert the city block distance of
V1 and V2 ˈ i.e.
D(V1 ,V2 ) , to Hamming distance, we firstly quantize each component of these feature vectors and then encode them into binary strings in such way that the Hamming distance of the binary strings is the approximation of the city block distance between V1 and V2 .
Figure 2: Quantization and Coding Illustration.
3.1. Quantization In this subsection, we use Chang’s method [9] to quantize the feature vector. In this method, the distribution of each component of all users’ feature vectors, i.e. global distribution, and that of a certain user’s feature vectors, i.e. user distribution, are firstly computed. Generally, the global distribution domain is much larger than the user distribution domain. Then the global distribution domain is equally divided into several intervals in such way that the center of one interval locates where the mean of the user distribution is and the size is decided by the standard deviation of the user distribution. Let V = (v1 , v2 ,..., vn ) be a feature vector. The process to quantize
V includes following steps (see Figure 2): vi , computing the mean and
(1) For each component
Li and R i , as following: Li = min(μ gi − K g × δ gi , μui − K u × δ ui )
(2)
R i = max(μ gi + K g × δ gi , μui + K u × δ ui )
(3)
as
and
Ku
are
constant
parameters.
K g determines the size of the whole quantization domain and
K u controls the size of the quantization intervals,
denoted as
less than ( x + 1) . (4) Determining the left boundary LB and the right boundary RB of all the quantization intervals as below:
LB i = μui − K u × δ ui − LS i × step i
(8)
RB i = μui + K u × δ ui + RS i × step i
(9)
i
i
step i : step i = 2 × K u × δ ui
LB , RB and step for each component vi are stored as the assistant data AD. Using AD, we can quantize any feature vector.
3.2. Coding
quantization intervals
N = LS + RS + 1 i
i
LS = ª( μ − K u × δ − L ) step i
i u
i u
i
i
from left to right, and letting
º
(6)
(10) i
i
nj = j .
(3) Deciding the interval which vi belongs to:
where (5)
i
[ LB , RB ] into N i i intervals with size step , denoted as n0 , n1 ,..., nN i −1
(2) Equally dividing the domain
(4)
[ Li , R i ] into N i intervals with size step i :
Ni:
N i = ( RB i − LB i ) step
(3) Equally dividing a domain which covers the range i
i
string with AD in the following way: (1) For each component vi , computing the number of
i
Kg
is the operation to get largest integer which is
vi , denoted
i g
( μ u , δ u ), respectively.
where
ªx º
) and
using the training dataset, denoted as ( μ , δ i g
(2) Computing the left and right boundaries of
where
(7)
In this subsection, we encode each quantization interval with a binary string to convert the quantization distance into Hamming distance. For a feature vector V = (v1 , v2 ,..., vn ) , we encode it into a binary
variance of global distribution and user distribution by i
RS i = ª( R i − μui − K u × δ ui ) step i º
¬x ¼
« v − LB i » ni ' = « i i » ¬ step ¼ is the operation to get the smallest integer
which is bigger than ( x − 1) . value of
(11)
vi , that is
ni ' is the quantizing
vi ≈ ni '
(12)
ni ' using a ( N i − 1 ) bits binary substring bi in which the most left i bits are 1s and the
(4) Encoding
remaining bits are 0s. Obviously,
| ni ' − n j ' |=| i '− j '|= H (bi , b j ) (13) where H ( x, y ) is the Hamming distance between String x and y . (5) Concatenating all of the substrings to form the final binary string of V , B = b1b2 ...bn . Figure 2 shows an example of quantization and binary coding of a single component, where Let
N i is 6.
V1 = (v1,1 , v1, 2 ,..., v1,n ) , V2 = (v2,1 , v2, 2 ,..., v2, n )
denote two feature vectors and
B1 = b1,1b1, 2 ...b1,n ,
B2 = b2,1b2, 2 ...b2, n be their corresponding binary strings. According to Eq. (12) and (13), the city block distance between V1 and V2 , D(V1 ,V2 ) can be computed as following: n
i =1
n
i =1
4.2. Decryption The decryption procedure includes the following steps: 1) A user’s biometric trait is captured once and the feature vector is extracted. 2) Encode the feature vector using AD into a binary string, BC’. 3) Concatenate BC’ with CB, denoted by BC’||CB, and decode BC’||CB using the error correction technique to obtain a corrected code, CC. 4) Use the same hash function to convert CC to a fix length binary string as the decrypting key. 5) Decrypt the EM using the key.
5. Experimental Results and Analysis
D(V1 ,V2 ) = ¦ v1,i − v2,i ≈ ¦ n1,i − n2,i
into a binary string BC by using the binary coding scheme proposed in section III. 4) Employ a certain error correction technique (e.g. BCH) to encode BC, and keep the check bits, CB. 5) Use a certain one way hash function (e.g. MD5) to convert BC to a fixed length binary string as the encrypting key. 6) Encrypt the message using the key to obtain the encrypted message, EM. The outputs of the encrypting phase are AD, CB and EM.
(14)
n
= ¦ H (b1,i , b2,i ) i =1
= H ( B1 , B2 ) From Eq. (14), the city block distance of two feature vectors D(V1 ,V2 ) has been converted to Hamming distance of two binary strings.
4. Encryption and Decryption 4.1. Encryption The global mean and global standard deviation are computed using training dataset before the encryption. And the crucial steps in encryption phase are listed as following: 1) A user’s biometric trait is captured several times. For each sample, a feature vector is extracted. We compute the mean and the standard deviation of each component of these feature vectors. 2) Quantize the global feature distribution domain of each feature dimension by using the method proposed in section III. LB, RB and step of each component are stored as assistant data, AD. 3) With AD, encode the mean of the user’s feature vectors
Our experiment is conducted on ORL face database [10] and palmprint database respectively. The face database contains 400 samples of 40 users with each user having 10 samples. The feature vector is a 25-dimensional real valued vector extracted by using a penalized subspace learning framework as proposed in [11]. We selected randomly 50% biometric templates from each user for training. That means we use 5 feature vectors from the same user in encryption stage. The palmprint database contains 2000 samples of 100 users. Each user provided 20 samples. The palmprint template is a 256-dimensional real valued vector which is composed of the average energy values extracted by using a set of 2D Gabor filters. In biometrics based system, the False Rejection Rate (FRR), and False Acceptance Rate, FAR, are usually used to evaluate the performance of the system. The detection error trade-off (DET) curve, which is plot FAR against FRR, is an effective technique to compare the performance of different methods. In our experiments, K g = 4 . The DET curves of the proposed framework with different values of K u on face and palmprint databases are shown in Figure 3 and Figure 4, respectively. For comparison, the DET curves of Chang’s method [9] on the same databases are also plotted in the corresponding figures.
Figure 3: DET curves of face database.
As shown in Figure 3, all DET curves based on the proposed framework are under the curves of Chang’s methods. And from Figure 4, most DET curves of the proposed framework are under the curve of Chang’s method, which means that the proposed framework outperform Chang’s method on both face and palmprint datasets. The reason is probably that our framework considered the difference of all components between the feature vectors while Chang’s method only takes account the maximum difference of the components.
6. Conclusion In biometrics based cryptographic systems, the generation of cipher key in decryption is based on the closeness of biometric template to the one used in encryption. In this paper, we proposed a novel framework based on the city block distance. In this framework, the city block distance between two real valued feature vectors is converted to Hamming distance of two binary strings, and then the error correcting technique are used to remove the variance in the genuine template and form the cipher key. Since the city block distance is the sum of the difference of all components of the vectors, the proposed framework can outperform the previous ones which only consider the maximum difference in the components.
Acknowledgement This work was supported in part by the Natural Science Foundation of China (NSFC) under Contract No. 60873140 and 60602038, the National High-Tech Research and Development Plan of China (863) under Contract No. 2007AA01Z195, the Program for New Century Excellent Talents in University under Contract No. NCET-08-0155 and NCET-08-0156 and the Natural Science Foundation of
Figure 4: DET curves of palmprint database.
Heilongjiang Province of China under Contract No. F2007-04.
References [1] U. Uludag, S. Pankanti, and S. Prabhakar, A. Jain. Biometric cryptosystems: Issues and challenges. Proceedings of the IEEE, 92(6):948-960, 2004. [2] G. Davida, Y. Frankel, and B. Matt. On enabling secure applications through off-line biometric identification. IEEE Symposium Privacy and Security, 148-157, 1998. [3] F. Hao, R. Anderson, and J. Daugman. Combining crypto with biometrics effectively. IEEE Transactions on Computers, 55(9):1081-1088, 2006. [4] A. Juels, and M. Sudan. A fuzzy vault scheme. Designs, Codes and Cryptography, 38(2): 237-257, 2002. [5] A. Jules, and M. Wattenberg. A fuzzy commitment scheme. ACM Conference on Computer and Communication Security, 28-36, 1999. [6] T. Clancy, N. Kiyavash, and D. Lin. Secure Smart Card-Based Fingerprint Authentication. ACM SIGMM workshop on Biometrics Methods and Application (WBMA), 45-52, 2003. [7] F. Monrose, M. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. ACM Conf. Computer and Communications Security, 73-82, 1999. [8] F. Monrose, M. Reiter, Q. Li, and S. Wetzel. Cryptographic key generation from voice. IEEE Symposium Privacy and Security, 202-213, 2001. [9] Y. Chang, W. Zhang, and T. Chen. Biometrics-based cryptographic key generation. In ICME, 2203-2206, 2004. [10] ORL face database. http://www.cl.cam.ac.uk/Research/DTG /attarchive/facesataglance.html [11] W. Zuo, L. Liu, K. Wang, and D. Zhang. Spatially Smooth Subspace Face Recognition Using LOG and DOG Penalties. Lecture Notes on Computer Science, 5553(3): 439-448, 2009.